User and entity behavior analytics (UEBA), also called anomaly detection, is a cybersecurity technique that uses machine learning algorithms to detect anomalous activities of users, hosts, and other entities in a network. To detect anomalies, UEBA first learns the expected behavior of every user and entity in the network and builds a baseline of regular activity for each of them. Any activity that deviates from this baseline is flagged as an anomaly. The longer a UEBA solution observes an environment, the more accurate its baselines become and the more effective its detections are.
A risk score is calculated for each user and entity in the organization by comparing their actions to their baseline of regular activity. The risk score ranges from 0 to 100, indicating no risk and maximum risk, respectively. The score depends on factors such as the weight allotted to the action, the extent of the deviation from the baseline, the frequency of deviation, and the time elapsed since the deviation.
Here are some activities that might increase the risk score of users and entities, indicating possible insider threats, account compromise, and data exfiltration.
Log360 UEBA analyzes logs from different sources including firewalls, routers, workstations, databases, and file servers. Any deviation from normal behavior is classified as a time, count, or pattern anomaly.
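To make the two ideas above concrete (a learned baseline with time, count and pattern anomalies, and a 0-100 risk score driven by weight, extent, frequency and recency), here is a small self-contained model in Python. It is an added illustration, not Log360 UEBA code; the anomaly weights, the 7-day half-life, the z-score threshold and the sample logon events are all constructed assumptions.

```python
"""Toy UEBA pipeline: learn a per-user baseline, classify deviations as
time / count / pattern anomalies, and roll them into a 0-100 risk score.
Added example for illustration only; not Log360 code. Weights, half-life,
thresholds and sample events are assumptions."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

WEIGHTS = {"time": 15, "count": 25, "pattern": 30}  # assumed per-anomaly weights
COUNT_Z_THRESHOLD = 2.0   # daily count more than 2 std devs above the mean
MAX_EXTENT = 3.0          # cap on how much one deviation's extent can contribute
HALF_LIFE_DAYS = 7.0      # an anomaly's contribution halves every 7 days

# Constructed baseline logons: (user, host, "YYYY-MM-DD HH:MM").
BASELINE_EVENTS = [
    ("alice", "ws-alice", "2020-03-02 08:05"), ("alice", "ws-alice", "2020-03-02 09:40"),
    ("alice", "ws-alice", "2020-03-03 08:15"), ("alice", "ws-alice", "2020-03-03 10:02"),
    ("alice", "ws-alice", "2020-03-04 08:00"), ("alice", "ws-alice", "2020-03-04 09:10"),
    ("alice", "ws-alice", "2020-03-04 09:55"),
    ("alice", "ws-alice", "2020-03-05 08:30"), ("alice", "ws-alice", "2020-03-05 09:20"),
    ("alice", "ws-alice", "2020-03-06 08:10"), ("alice", "ws-alice", "2020-03-06 09:45"),
    ("bob", "ws-bob", "2020-03-02 08:50"), ("bob", "ws-bob", "2020-03-02 10:30"),
    ("bob", "ws-bob", "2020-03-03 08:45"), ("bob", "ws-bob", "2020-03-03 10:20"),
    ("bob", "ws-bob", "2020-03-04 09:00"), ("bob", "ws-bob", "2020-03-04 10:10"),
    ("bob", "ws-bob", "2020-03-05 08:55"), ("bob", "ws-bob", "2020-03-05 10:05"),
    ("bob", "ws-bob", "2020-03-06 09:05"), ("bob", "ws-bob", "2020-03-06 10:40"),
]
# Constructed observation window: alice has an off-hours burst from a host she
# never used, bob one late logon, and mallory was never seen during baselining.
NEW_EVENTS = [
    ("alice", "srv-files", "2020-03-09 02:10"), ("alice", "srv-files", "2020-03-09 02:35"),
    ("alice", "ws-alice", "2020-03-09 08:20"), ("alice", "ws-alice", "2020-03-09 09:05"),
    ("bob", "ws-bob", "2020-03-09 09:10"), ("bob", "ws-bob", "2020-03-09 10:15"),
    ("bob", "ws-bob", "2020-03-09 19:00"),
    ("mallory", "srv-files", "2020-03-09 03:00"),
]


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")


def build_baseline(events):
    """Learn each user's usual logon hours, known hosts and daily-count statistics."""
    hours, hosts = defaultdict(set), defaultdict(set)
    daily = defaultdict(lambda: defaultdict(int))
    for user, host, ts in events:
        t = parse_ts(ts)
        hours[user].add(t.hour)
        hosts[user].add(host)
        daily[user][t.date()] += 1
    baseline = {}
    for user in hours:
        counts = list(daily[user].values())
        baseline[user] = {"hours": hours[user], "hosts": hosts[user],
                          "count_mean": mean(counts), "count_std": pstdev(counts)}
    return baseline


def detect_anomalies(baseline, events):
    """Return (user, kind, extent, when) tuples; kind is time, count or pattern."""
    anomalies = []
    seen_hosts = {u: set(b["hosts"]) for u, b in baseline.items()}
    daily = defaultdict(lambda: [0, None])  # (user, date) -> [count, last event time]
    for user, host, ts in events:
        t = parse_ts(ts)
        b = baseline.get(user)
        if b is None:
            # An entity with no baseline at all is itself a pattern deviation.
            anomalies.append((user, "pattern", 1.0, t))
            continue
        if t.hour not in b["hours"]:
            # Time anomaly: extent is the circular distance to the nearest usual hour (0..1).
            gap = min(min(abs(t.hour - h), 24 - abs(t.hour - h)) for h in b["hours"])
            anomalies.append((user, "time", gap / 12.0, t))
        if host not in seen_hosts[user]:
            # Pattern anomaly: first logon from a host this user has never used.
            seen_hosts[user].add(host)
            anomalies.append((user, "pattern", 1.0, t))
        day = daily[(user, t.date())]
        day[0] += 1
        day[1] = t if day[1] is None or t > day[1] else day[1]
    for (user, _), (count, last) in daily.items():
        # Count anomaly: daily logon volume far above the learned mean, measured in z-scores.
        b = baseline[user]
        z = (count - b["count_mean"]) / b["count_std"] if b["count_std"] else count - b["count_mean"]
        if z > COUNT_Z_THRESHOLD:
            anomalies.append((user, "count", z, last))
    return anomalies


def risk_scores(anomalies, now_ts):
    """Per-entity 0-100 score: sum of weight x capped extent x recency decay.
    Frequency enters because every repeated deviation adds its own term."""
    now = parse_ts(now_ts)
    totals = defaultdict(float)
    for user, kind, extent, when in anomalies:
        age_days = (now.date() - when.date()).days
        decay = 0.5 ** (age_days / HALF_LIFE_DAYS)
        totals[user] += WEIGHTS[kind] * min(extent, MAX_EXTENT) * decay
    return {user: int(round(min(100.0, max(0.0, s)))) for user, s in totals.items()}


if __name__ == "__main__":
    found = detect_anomalies(build_baseline(BASELINE_EVENTS), NEW_EVENTS)
    for user, kind, extent, when in found:
        print(f"{when:%Y-%m-%d %H:%M} {user:8s} {kind:8s} extent={extent:.2f}")
    print(risk_scores(found, "2020-03-09 23:59"))  # {'alice': 100, 'bob': 11, 'mallory': 30}
```

Alice's burst produces one pattern, two time and one count anomaly, enough to saturate her score at 100 on the day it happens; a week later the same anomalies contribute half as much. Bob's single late logon yields a modest score, and an entity with no baseline at all is surfaced as a pattern deviation rather than silently ignored. A production system would refresh the baseline continuously and tune the weights and thresholds per environment; the structure of the calculation is what the example is meant to show.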
Cisco, NetScreen, Sophos, Palo Alto, WatchGuard, Windows
Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Vista, Windows XP Professional x64 Edition, Windows XP
Windows Server 2019, Windows Server 2016, Windows Server 2012, Windows Server 2012 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2003, Windows Server 2003 R2
Oracle, SQL Server, MySQL
Access to reports such as:
Logon reports, file activity reports, logon failure reports, firewall change reports, configuration change reports
All the data used to generate the reports can be viewed in graphical form.
UEBA maintains a risk score for every user and entity profile. Whenever an activity log for a user or entity differs from its baseline, the risk score of that profile increases. A raised risk score prompts the IT admin to investigate the profile immediately, before a deviation turns into a security breach.
Graphically represents the variations in the number of anomalies for a given time period.
© 2020 Zoho Corporation Pvt. Ltd. All rights reserved.